Commit 5293b7f

committed
Rename tool in github security page for maven scans
Signed-off-by: Jakub Stejskal <xstejs24@gmail.com>
1 parent 7f9b04b commit 5293b7f

3 files changed

Lines changed: 12 additions & 15 deletions


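--- a/.github/actions/security/snyk-container-scan/action.yml
+++ b/.github/actions/security/snyk-container-scan/action.yml
@@ -12,9 +12,6 @@ inputs:
 description: "Whether to also run 'snyk container monitor'"
 required: false
 default: "false"
-projectPrefix:
-description: "Project prefix for Snyk dashboard (e.g., 'strimzi')"
-required: true
 snykMonitorTargetReference:
 description: "Value for --target-reference in 'snyk container monitor' (e.g. release version). Defaults to the image tag."
 required: false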

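--- a/.github/actions/security/snyk-maven-scan/action.yml
+++ b/.github/actions/security/snyk-maven-scan/action.yml
@@ -6,8 +6,8 @@ inputs:
 description: "Whether to also run 'snyk monitor'"
 required: false
 default: "false"
-projectPrefix:
-description: "Project prefix for Snyk dashboard and SARIF naming (e.g., 'strimzi')"
+scanName:
+description: "Name used for SARIF file naming, upload category, and tool display name (e.g., 'strimzi')"
 required: true
 uploadToCodeScanning:
 description: "Whether to upload SARIF results to GitHub Code Scanning"
@@ -35,7 +35,7 @@ runs:
 snyk test \
 --all-projects \
 $EXCLUDE_FLAG \
---sarif-file-output=snyk-maven-${{ inputs.projectPrefix }}.sarif \
+--sarif-file-output=snyk-maven-${{ inputs.scanName }}.sarif \
 --json-file-output=snyk-results.json
 
 # This is used to set severity score to 0.0 for those results that has empty value for it.
@@ -44,10 +44,10 @@ runs:
 - name: Sanitize SARIF security-severity values
 shell: bash
 run: |
-SARIF_FILE="snyk-maven-${{ inputs.projectPrefix }}.sarif"
+SARIF_FILE="snyk-maven-${{ inputs.scanName }}.sarif"
 if [ -f "$SARIF_FILE" ]; then
-jq '
-(.runs[].tool.driver.name) = "Snyk Maven" |
+jq --arg name "Snyk Maven (${{ inputs.scanName }})" '
+(.runs[].tool.driver.name) = $name |
 (.runs[].tool.driver.rules[]?.properties."security-severity") |=
 if . == null or . == "undefined" or (tostring | test("^[0-9]") | not) then "0.0"
 else .
@@ -58,16 +58,16 @@ runs:
 uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 if: ${{ always() && inputs.uploadToCodeScanning == 'true' }}
 with:
-sarif_file: snyk-maven-${{ inputs.projectPrefix }}.sarif
-category: snyk-maven-${{ inputs.projectPrefix }}
+sarif_file: snyk-maven-${{ inputs.scanName }}.sarif
+category: snyk-maven-${{ inputs.scanName }}
 wait-for-processing: true
 
 - name: Upload SARIF as workflow artifact
 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 if: always()
 with:
-name: snyk-maven-${{ inputs.projectPrefix }}.sarif
-path: snyk-maven-${{ inputs.projectPrefix }}.sarif
+name: snyk-maven-${{ inputs.scanName }}.sarif
+path: snyk-maven-${{ inputs.scanName }}.sarif
 retention-days: 30
 
 # Monitor command is used for upload snapshot of the scan to Snyk App where Snyk will do daily scans and can generate reports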
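Review bot: In the "Sanitize SARIF security-severity values" step, the new `jq --arg name "Snyk Maven (${{ inputs.scanName }})"` line (new line 49) and the `SARIF_FILE=` assignment (new line 47) expand `${{ inputs.scanName }}` into the script text before bash parses it, so a value containing a quote, `$(` or a backtick would be read as shell syntax rather than data. The callers visible in this commit pass a literal, so this is hardening rather than a known exposure, but the same input also becomes a file name and the upload `category`, so it is worth keeping it out of the script text. Pass the value through the step's `env:` and reference it as a shell variable, as sketched below; the `snyk test` step at new line 38 follows the same pattern and would need the same change. The jq filter and the rest of the step continue outside the hunk.

```yaml
- name: Sanitize SARIF security-severity values
  # … unchanged: shell: bash …
  env:
    SCAN_NAME: ${{ inputs.scanName }}
  run: |
    SARIF_FILE="snyk-maven-${SCAN_NAME}.sarif"
    # … unchanged: existence check on $SARIF_FILE …
    jq --arg name "Snyk Maven (${SCAN_NAME})" '
    # … unchanged: jq filter body and the rest of the step …
```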

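--- a/.github/workflows/test-snyk.yml
+++ b/.github/workflows/test-snyk.yml
@@ -62,7 +62,7 @@ jobs:
 snykMonitor: "false"
 # Keep false to avoid uploading results to GitHub Code Scanning page
 uploadToCodeScanning: "false"
-projectPrefix: test-drain-cleaner
+scanName: test-drain-cleaner
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
@@ -259,7 +259,7 @@ jobs:
 snykMonitorTargetReference: "latest"
 # Keep false to avoid uploading results to GitHub Code Scanning page
 uploadToCodeScanning: "false"
-projectPrefix: test-drain-cleaner
+scanName: test-drain-cleaner
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 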
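Review bot: The second hunk (new line 262) adds `scanName: test-drain-cleaner` next to `snykMonitorTargetReference`, which is an input of the snyk-container-scan action, and this commit removes `projectPrefix` from that action without adding a `scanName` input in the lines shown. If that step does call the container scan action, the key is an undeclared input that GitHub ignores with a warning, so the line should be deleted rather than renamed. The step's `uses:` line is outside the hunk, so confirm which action it calls before changing it.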
